Core client classes for initializing and managing AWS STS service connections with comprehensive configuration options and platform-specific optimizations.
The primary client class for AWS STS operations, providing the command-based interface with full configuration control.
/**
* Primary client class for AWS STS operations
* Extends Smithy client with STS-specific configuration and middleware
*/
class STSClient {
constructor(configuration?: STSClientConfig);
/**
* Send a command to the STS service
* @param command - The command to execute
* @returns Promise resolving to the command output
*/
send<InputType, OutputType>(
command: Command<InputType, OutputType>
): Promise<OutputType>;
/**
* Clean up client resources and close connections
*/
destroy(): void;
}
/**
* Configuration options for STSClient
*/
interface STSClientConfig {
/** AWS region for STS operations */
region?: string | Provider<string>;
/** AWS credential provider */
credentials?: AwsCredentialIdentityProvider;
/** Custom service endpoint */
endpoint?: string | Provider<string> | Endpoint;
/** Maximum retry attempts for failed requests */
maxAttempts?: number | Provider<number>;
/** Retry strategy mode (standard, adaptive) */
retryMode?: string | Provider<string>;
/** Use FIPS-compliant endpoints */
useFipsEndpoint?: boolean | Provider<boolean>;
/** Use dual-stack IPv4/IPv6 endpoints */
useDualstackEndpoint?: boolean | Provider<boolean>;
/** Custom logger instance */
logger?: Logger;
/** Runtime extensions for custom behavior */
extensions?: RuntimeExtension[];
}Usage Examples:
import { STSClient, AssumeRoleCommand } from "@aws-sdk/client-sts";
// Basic client
const client = new STSClient({ region: "us-east-1" });
// Client with custom configuration
const client = new STSClient({
region: "us-west-2",
maxAttempts: 5,
retryMode: "adaptive",
useFipsEndpoint: true,
logger: console
});
// Using the client
const command = new AssumeRoleCommand({
RoleArn: "arn:aws:iam::123456789012:role/MyRole",
RoleSessionName: "MySession"
});
const response = await client.send(command);Convenience wrapper class providing shortcut methods for each STS operation with both promise and callback support.
/**
* Convenience wrapper class for STS operations
* Extends STSClient with shortcut methods for each operation
*/
class STS extends STSClient {
constructor(configuration?: STSClientConfig);
/** Assume an IAM role - Promise API */
assumeRole(params: AssumeRoleRequest): Promise<AssumeRoleResponse>;
/** Assume an IAM role - Callback API */
assumeRole(params: AssumeRoleRequest, callback: (err: any, data: AssumeRoleResponse) => void): void;
/** Assume an IAM role - Callback with options */
assumeRole(
params: AssumeRoleRequest,
options: any,
callback: (err: any, data: AssumeRoleResponse) => void
): void;
/** Assume role with SAML assertion */
assumeRoleWithSAML(params: AssumeRoleWithSAMLRequest): Promise<AssumeRoleWithSAMLResponse>;
assumeRoleWithSAML(params: AssumeRoleWithSAMLRequest, callback: (err: any, data: AssumeRoleWithSAMLResponse) => void): void;
/** Assume role with web identity token */
assumeRoleWithWebIdentity(params: AssumeRoleWithWebIdentityRequest): Promise<AssumeRoleWithWebIdentityResponse>;
assumeRoleWithWebIdentity(params: AssumeRoleWithWebIdentityRequest, callback: (err: any, data: AssumeRoleWithWebIdentityResponse) => void): void;
/** Assume root privileges with scoped permissions */
assumeRoot(params: AssumeRootRequest): Promise<AssumeRootResponse>;
assumeRoot(params: AssumeRootRequest, callback: (err: any, data: AssumeRootResponse) => void): void;
/** Get caller identity information */
getCallerIdentity(params?: GetCallerIdentityRequest): Promise<GetCallerIdentityResponse>;
getCallerIdentity(params: GetCallerIdentityRequest, callback: (err: any, data: GetCallerIdentityResponse) => void): void;
/** Get session token */
getSessionToken(params?: GetSessionTokenRequest): Promise<GetSessionTokenResponse>;
getSessionToken(params: GetSessionTokenRequest, callback: (err: any, data: GetSessionTokenResponse) => void): void;
/** Get federation token */
getFederationToken(params: GetFederationTokenRequest): Promise<GetFederationTokenResponse>;
getFederationToken(params: GetFederationTokenRequest, callback: (err: any, data: GetFederationTokenResponse) => void): void;
/** Decode authorization message */
decodeAuthorizationMessage(params: DecodeAuthorizationMessageRequest): Promise<DecodeAuthorizationMessageResponse>;
decodeAuthorizationMessage(params: DecodeAuthorizationMessageRequest, callback: (err: any, data: DecodeAuthorizationMessageResponse) => void): void;
/** Get access key info */
getAccessKeyInfo(params: GetAccessKeyInfoRequest): Promise<GetAccessKeyInfoResponse>;
getAccessKeyInfo(params: GetAccessKeyInfoRequest, callback: (err: any, data: GetAccessKeyInfoResponse) => void): void;
}Usage Examples:
import { STS } from "@aws-sdk/client-sts";
const sts = new STS({ region: "us-east-1" });
// Promise-based usage
const identity = await sts.getCallerIdentity();
console.log(`Account: ${identity.Account}`);
// Callback-based usage
sts.assumeRole({
RoleArn: "arn:aws:iam::123456789012:role/MyRole",
RoleSessionName: "MySession"
}, (err, data) => {
if (err) console.error(err);
else console.log(data.Credentials);
});Advanced configuration options for customizing client behavior and runtime extensions.
/**
* Interface for runtime extensions that modify client behavior
*/
interface RuntimeExtension {
configure(extensionConfiguration: STSExtensionConfiguration): void;
}
/**
* Configuration for STS client extensions
*/
interface STSExtensionConfiguration {
// Extends base extension configurations for HTTP handling,
// AWS region resolution, and authentication
}
/**
* Input parameters for endpoint resolution
*/
interface ClientInputEndpointParameters {
/** AWS region */
region?: string;
/** Use dual-stack endpoints */
useDualstackEndpoint?: boolean;
/** Use FIPS endpoints */
useFipsEndpoint?: boolean;
/** Custom endpoint URL */
endpoint?: string;
/** Use global endpoint for us-east-1 */
useGlobalEndpoint?: boolean;
}The STS client supports different runtime environments with platform-specific optimizations:
Node.js Configuration:
import { STSClient } from "@aws-sdk/client-sts";
// Node.js-optimized client
const client = new STSClient({
region: "us-east-1",
// Uses Node.js HTTP handler by default
// Supports credential providers from files, environment, IAM roles
});Browser Configuration:
import { STSClient } from "@aws-sdk/client-sts";
// Browser-optimized client
const client = new STSClient({
region: "us-east-1",
// Uses fetch HTTP handler by default
// Supports Cognito credentials, web identity federation
});React Native Configuration:
import { STSClient } from "@aws-sdk/client-sts";
// React Native-optimized client
const client = new STSClient({
region: "us-east-1",
// Uses React Native-specific HTTP handler
// Supports mobile-optimized credential providers
});All STS operations can throw service-specific exceptions that extend the base STSServiceException:
import { STSClient, AssumeRoleCommand, STSServiceException } from "@aws-sdk/client-sts";
try {
const response = await client.send(command);
} catch (error) {
if (error instanceof STSServiceException) {
console.error(`STS Error: ${error.name} - ${error.message}`);
console.error(`Request ID: ${error.$metadata.requestId}`);
} else {
console.error("Unexpected error:", error);
}
}